Our Threat Research team at Palo Alto Networks is sharing its intelligence and findings on the global stage at these upcoming events:
BSides - Singapore, September 22, 2023
Security BSides is a global network of independent information security conferences and events that are connected through their common goal of promoting a more accessible, community-driven, content-driven, and inclusive approach to information security and privacy education. Their BSides Singapore conference is organized by a non-profit organization (BSidesSG Pte. Ltd.) created for this same purpose and with the support and involvement of securitybsides.org.
Session: Three's Company: Investigating an Espionage Campaign featuring Multiple Threat Actors
Presenters: Lior Rochberger, senior threat researcher on the Cortex Threat Research team, and Tom Fakterman, threat researcher on the Cortex Threat Research team.
Overview: In the realm of threat intelligence, attribution poses significant challenges for researchers. What may initially appear as a straightforward operation can quickly evolve into a complex investigation involving multiple threat actors. Lior and Tom present an investigation involving multiple clusters of activity targeting government sector entities in a Southeast Asian country. Through the findings associated with each cluster, they will illustrate the need for researchers to look beyond the surface and identify subtle nuances in tactics, techniques, and procedures (TTPs) to draw accurate attribution conclusions.
“What can we do when, during an investigation, we discover we are dealing with multiple kill chains? How do we begin to tackle this task? How can we determine where one kill chain ends and another begins? Join us as we share our story of how we discovered an operation involving multiple clusters of activity targeting the government sector in a Southeast Asian country.”
SANS CyberThreat 2023, London, November 20-21, 2023
The SANS Institute was launched in 1989 as a cooperative for information security thought leadership, with an ongoing mission to empower cyber security professionals with the practical skills and knowledge they need to make our world a safer place. They fuel this effort with high quality training, certifications, scholarship academies, degree programs, cyber ranges, and resources to meet the needs of every cyber professional. Their data, research, and the top minds in cybersecurity collectively ensure that individuals and organizations have the actionable education and support they need.
Below are two exciting sessions presented by Daniel Frank and Lior Rochberger:
Session: Everyone Gets a Web Shell! Or, Backdooring Web Hosting Companies in Scale
Presenter: Daniel Frank, principal threat researcher on the Cortex Threat Research team
Overview: What happens when a threat actor decides to go directly after web-hosting providers that host thousands of websites? Daniel will explore the evolution of a determined threat actor whose activity has been publicly documented only once so far. He will provide analysis of a custom-built backdooring tool that was used to compromise hundreds of hosted websites, and will share threat hunting methodology, technical analysis, and actionable intelligence with the audience.
“What happens when a threat actor decides to directly go after web-hosting providers?
Join me in exploring the evolution of a rarely seen threat actor. We will dive into the technical details of a custom tool that was used to backdoor hundreds of websites. We will also learn what actionable intelligence can be derived from this case study of a fully fledged hacking operation.”
Session: Hunting Down a New Activity Group Targeting Governments in the Middle East and Africa
Presenter: Lior Rochberger, senior threat researcher on the Cortex Threat Research team
Overview: In the ever-evolving world of cyber warfare, the global cyber landscape has become a battlefield where nation-states deploy new, cutting-edge techniques to obtain non-public and confidential information. An example of such a player is the newly discovered activity group “CL-STA-0043”, whose level of sophistication, determination, and espionage motives bear the hallmarks of a true advanced persistent threat.
Join Lior as she lays out the story behind CL-STA-0043's targeted attacks on government entities in the Middle East and Africa and dissects the group's previously undisclosed tactics, techniques, and procedures, which were designed to penetrate even the most fortified defenses and evade traditional security measures.
“Cyber warfare is a covert battleground where nations employ advanced techniques to infiltrate and acquire confidential information. While we've seen numerous attacks orchestrated by nation-state APTs, witnessing an operation that simultaneously targets multiple governmental entities while deploying a range of rare and unreported tools and techniques remains a relatively uncommon occurrence. CL-STA-0043 stands as a remarkable illustration of this, showcasing a level of sophistication and adaptiveness in a true advanced persistent threat.”